In conventional technologies, applications are developed for mobile terminals based on operating systems of the mobile terminals. The mobile terminal may be a mobile phone or a tablet computer. The application needs to invoke an Application Programming Interface (API) function provide by the operating system so as to implement a specific function. For example, when a certain application needs to check data of an address book stored in a mobile terminal, the application invokes an API function for accessing the address book, so as to check the data of the address book. The API function for accessing the address book is provided by the operating system of the mobile terminal.
Generally, various applications are installed on the mobile terminal to implement various functions or services. However, some applications of the mobile terminal may secretly perform some operations related to data security of a user without informing the user or being authorized by the user. For example, the operation may include reading an address book stored in the mobile terminal, opening pictures stored in the mobile terminal, reading call history of the mobile terminal, which threats data security and user privacy.
Therefore, for the purpose of improving security of the mobile terminal and preventing the application from infringing on user privacy and broking user system, multiple applications currently running on the mobile terminal need to be monitored dynamically and effectively.
Generally, when monitoring the application currently running on the mobile terminal, the API function invoking performed by the application is monitored, e.g. the API function invoked by the application is monitored, so as to check whether the application infringes on user privacy or breaks user system. For example, the API function for reading the address book may be monitored in real time. When a certain application invokes this API function, the action of invoking this API function is obtained, and thus it is known that the application reads the address book stored in the mobile terminal. In this way, various applications running on the mobile terminal are dynamically monitored.
However, in conventional method for monitoring the API function invoking, only one API function is monitored in one monitoring procedure, the monitoring procedure of each API function is independent with each other, and all of the API functions to be monitored cannot be monitored in one monitoring procedure. If multiple API functions need to be monitored, similar monitoring procedures has to be performed for each of the API functions.
In addition, when the conventional method for monitoring the API function invoking is used, the monitoring of the invoked API function is isolated. During a procedure of running a certain application, invoked API functions and a sequence of invoking the API functions cannot be acquired, so that a logic relation between the invoked API functions cannot be analyzed.